Step 1: Source

In the first section, you have to define the source network or IP address from where the network packets will be sent. If possible, restrict access to a single host or a group of hosts, rather than allowing any host on the internet to connect.

Step 2: Destination

Now, you will need to pick the destination for your network packets. Because you are directing traffic to a service running on the firewall itself, select the Red interface.

Step 3: Protocol

Choose the service that you wish to make accessible to the outside world. While it is technically possible to select “All” here, that would allow an outsider to connect to any service running on the firewall, and would be a huge security risk. For that reason, choose only those services to which you need to provide access.

Step 4: Done

We are almost done, now. Just make sure that you select the “ACCEPT” option, so that all packets that match your rule are accepted by the firewall and don't forget to add a descriptive remark.